DETAILED ACTION



1. Claims 1-30 are pending.

Claim Rejections - 35 USC § 101 

2. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a patent 
therefor, subject to the conditions and requirements of this title. 

Claims 1-15 are rejected under 35 U.S.C. 101 because the claimed invention is
directed to non-statutory subject matter.

Claims 1-15 are nonstatutory because they recite a computer program per se
representing functional descriptive material without a computer and/or a
computer readable medium.



Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this 
Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 
122(b), by another filed in the United States before the invention by the applicant for patent or 
(2) a patent granted on an application for patent by another filed in the United States before 
the invention by the applicant for patent, except that an international application filed under 
the treaty defined in section 351(a) shall have the effects for purposes of this subsection of an 
application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

4. Claims 1, 7-9, 13, 15, 16, 22-24, 28 and 30 are rejected under 35
U.S.C. 102(e) as being anticipated by Brustoloni (US Patent Publication No. US
2003/0236999 A1).

As per Claim 1: Brustoloni teaches:

- A method of authenticating indicated IP source addresses comprised in IP 
data packets to be transmitted through an IP network, the method 
comprising the steps of: 

(Abstract, lines 1-11 "Ingress filtering has been adopted by the IETF as a
methodology for preventing denial of service congestive attacks that spoof the 
source address in packets that are addressed to host server victims. Unless 
universally adopted by all ISPs on the Internet, however, a packet's source 
address cannot be totally trusted to be its actual source address. To take 
advantage of benefits of ingress filtering as it is gradually deployed by ISPs 
around the Internet, differentiated classes of service are used to transport 
packets whose source address can be trusted and packets whose source 
address cannot be trusted."). 

- receiving an IP data packet at an incoming edge of an IP network, the IP 
data packet comprising an indicated IP source address 

(Abstract, lines 11-12 "A packet received by an access or edge router"). 

- determining whether said IP data packet having been received at said
incoming edge of the IP network is consistent with it having originated at 
said indicated IP source address 

(Paragraph 0008 lines 10-12 "With ingress filtering, ISP ingress routers 
will drop a packet that arrives in a port if the packet's source address does not 
match a prefix associated with the port."). 

- ensuring that a predetermined data field of said IP data packet contains a 
value representative of whether said IP data packet having been received at 
said incoming edge of the IP network is consistent with it having originated 
at said indicated IP source address. 

(Paragraph 0012 lines 5-7 "If it is not properly associated, the packet is 
dropped. Otherwise, the packet is marked for forwarding in the privileged class of 
service."). 

(Paragraph 0014 lines 13-16 "Thus, if a packet obeys the desired 
predicate, it is transported in the privileged class of service, and if it does not, the 
packet is either dropped or segregated for transmission in the unprivileged 
class."). 

In a system that is set up to mark a packet it is inherently necessary for it 
to have a field defined in which it is to do so. 

As per Claim 7: The rejection of claim 1 is incorporated and further Brustoloni 
teaches: 

- determining whether said IP data packet having been received at said
incoming edge of the IP network has been received from a peer carrier 
which has already determined whether said IP data packet having been 
received at said incoming edge of the IP network is consistent with it 
having originated at said indicated IP source address 

(Paragraph 0022 lines 8-10 "At step 302, a determination is made whether 
that packet has arrived from an ISP that does supports ingress filtering."). 

- ensuring that the predetermined data field of said IP data packet contains 
a value representative of whether said IP data packet having been received 
at said incoming edge of the IP network was determined by said peer 
carrier to be consistent with it having originated at said indicated IP source 
address. 

(Paragraph 0022 lines 10-13 "If that source ISP does not support ingress
filtering, then, at step 303, that packet is marked for transmission to its 
destination in an unprivileged class of service and is forwarded."). 

(Paragraph 0022 lines 17-21 "If, however, at step 302, it is determined that 
the arriving packet came from an ISP that does support ingress filtering, such as 
ISP 101, then, at step 304, that packet is forwarded to its destination ISP in the
same class in which it is already marked."). 

(Paragraph 0014 lines 13-16 as seen in the rejection of claim 1). 

Since Brustoloni's method either accepts the value marked by the prior
router or places its own, the containing of a value in the predetermined data field
is ensured. The source ISP is the peer carrier.

As per Claim 8: Brustoloni teaches: 

- A method of processing IP data packets received from an IP network, the 
IP data packets comprising indicated IP source addresses and one or more 
of the IP data packets having been marked with indicia of whether the 
indicated IP source address comprised therein has been authenticated by 
the IP network, the method comprising the steps of: 

(Abstract, lines 1-11 as seen in the rejection of claim 1). 
(Abstract, last line "class of service in which it is already marked."). 

- determining whether the indicated IP source address comprised in each 
one of said one or more of the IP data packets has been authenticated by 
the IP network 

(Paragraph 0022 lines 8-10 as seen in the rejection of claim 7). 

A packet arriving from an ISP supporting filtering has been authenticated, 
a packet arriving from an ISP not supporting filtering has not been authenticated. 
The filtering is the authentication. 

- processing each one of the one or more of the IP data packets based on
whether the indicated IP source address comprised therein has been 
authenticated by the IP network. 

(Paragraph 0022 lines 10-13 as seen in the rejection of claim 7). 
(Paragraph 0022 lines 17-21 as seen in the rejection of claim 7). 
The forwarding based on the class it decided to mark it as is the 
processing. 

As per Claim 9: The rejection of claim 8 is incorporated and further Brustoloni 
teaches: 



- said indicia of whether the indicated IP source address comprised in said 
one or more of the IP data packets has been authenticated by the IP 
network comprises a value contained in a predetermined data field of each 
of said IP data packets. 

(Paragraph 0012 lines 5-7 as seen in the rejection of claim 1). 
(Paragraph 0014 lines 13-16 as seen in the rejection of claim 1). 
In a system that is set up to mark a packet it is inherently necessary for it 
to have a field defined in which it is to do so. 



As per Claim 13: The rejection of claim 8 is incorporated and further Brustoloni 
teaches: 

- discarding each of said one or more IP data packets for which the
indicated IP source address comprised therein has not been authenticated 
by the IP network. 

(Paragraph 0008 lines 10-12 as seen in the rejection of claim 1). 
(Paragraph 0014 lines 13-16 as seen in the rejection of claim 1). 
(Paragraph 0022 lines 10-13 as seen in the rejection of claim 7). 
Dropping a packet inherently includes discarding the packet as claimed. 

As per Claim 15: The rejection of claim 8 is incorporated and further Brustoloni 
teaches: 

- prioritizing the one or more of the IP data packets based on whether the 
indicated IP source address comprised therein has been authenticated by 
the IP network, said IP data packets for which the indicated IP source 
address comprised therein has been authenticated by the IP network 
having a higher priority than said IP data packets for which the indicated IP 
source address comprised therein has not been authenticated by the IP 
network. 

(Paragraph 0022 lines 10-13 as seen in the rejection of claim 7). 
(Paragraph 0014 lines 13-16 as seen in the rejection of claim 1). 
(Paragraph 0012 lines 5-7 as seen in the rejection of claim 1). 
Marking for class of service is prioritizing. The privileged class of service
is the higher priority; the unprivileged class of service is the lower priority.

As per Claim 16: Brustoloni teaches:

- A network edge router located at an incoming edge of an IP network 

(Abstract, lines 11-12 "A packet received by an access or edge router"). 

- the router adapted to authenticate indicated IP source addresses 
comprised in IP data packets to be transmitted through the IP network, the 
router comprising 

(Paragraph 0008 lines 10-12 as seen in the rejection of claim 1). 

- an input port which receives an IP data packet at the incoming edge of the 
IP network 

A router inherently has an input port which allows it to function. 

- the IP data packet comprising an indicated IP source address 

(Abstract, lines 1-11 as seen in the rejection of claim 1). 

- means for determining whether said IP data packet having been received 
at said incoming edge of the IP network is consistent with it having 
originated at said indicated IP source address 

(Paragraph 0008 lines 10-12 as seen in the rejection of claim 1). 

Packet's source address is checked for matching a prefix associated with
the port inherently including means for determining whether said IP data packet 
having been received at said incoming edge of the IP network is consistent with it 
having originated at said indicated IP source address. 

- means for ensuring that a predetermined data field of said IP data packet 
contains a value representative of whether said IP data packet having been 
received at said incoming edge of the IP network is consistent with it 
having originated at said indicated IP source address. 

(Paragraph 0012 lines 5-7 as seen in the rejection of claim 1). 

(Paragraph 0014 lines 13-16 as seen in the rejection of claim 1). 

In a system that is set up to mark a packet it is inherently necessary for it 
to have a field defined in which it is to do so. Marking a packet based on a 
determination inherently includes a means for ensuring a value representative of 
that determination in the predetermined data field. 

As per Claim 22: The rejection of claim 16 is incorporated and further Brustoloni 
teaches: 

- means for determining whether said IP data packet having been received 
at said incoming edge of the IP network has been received from a peer 
carrier which has already determined whether said IP data packet having 
been received at said incoming edge of the IP network is consistent with it 
having originated at said indicated IP source address

(Paragraph 0022 lines 8-10 as seen in the rejection of claim 7). 

Determining if a packet has arrived from an ISP supporting filtering 
inherently includes a means for determining if the packet arrived from a peer 
carrier that has already made a determination. 

- means for ensuring that the predetermined data field of said IP data 
packet contains a value representative of whether said IP data packet 
having been received at said incoming edge of the IP network was 
determined by said peer carrier to be consistent with it having originated at 
said indicated IP source address. 

(Paragraph 0022 lines 10-13 as seen in the rejection of claim 7). 

(Paragraph 0022 lines 17-21 as seen in the rejection of claim 7). 

(Paragraph 0014 lines 13-16 as seen in the rejection of claim 1).

Since Brustoloni's method either accepts the value marked by the prior
router or places its own, the containing of a value in the predetermined data field
is ensured.

The marking or acceptance of prior marking inherently includes a means for
ensuring a content of the predetermined data field.



As per Claim 23: Brustoloni teaches: 

- A server adapted to process IP data packets received from an IP network,
the IP data packets comprising indicated IP source addresses and one or 
more of the IP data packets having been marked with indicia of whether the 
indicated IP source address comprised therein has been authenticated by 
the IP network, the server comprising: 

(Abstract, lines 11-12 "A packet received by an access or edge router"). 
A router in Brustoloni's method is this server. 

- means for determining whether the indicated IP source address 
comprised in each one of said one or more of the IP data packets has been 
authenticated by the IP network 

(Paragraph 0022 lines 8-10 as seen in the rejection of claim 7). 

A packet arriving from an ISP supporting filtering has been authenticated, 
a packet arriving from an ISP not supporting filtering has not been authenticated. 
The filtering is the authentication. 

This determination inherently contains a means for determining whether or 
not a packet has been authenticated. 

- means for processing each one of the one or more of the IP data packets 
based on whether the indicated IP source address comprised therein has 
been authenticated by the IP network. 

(Paragraph 0022 lines 10-13 as seen in the rejection of claim 7). 
(Paragraph 0022 lines 17-21 as seen in the rejection of claim 7). 

The forwarding based on the class it is marked inherently contains a
means for processing a packet based on whether or not its source address has 
been verified. 

As per Claim 24: The rejection of claim 23 is incorporated and further Brustoloni 
teaches: 

- said indicia of whether the indicated IP source address comprised in said 
one or more of the IP data packets has been authenticated by the IP 
network comprises a value contained in a predetermined data field of each 
of said IP data packets. 

(Paragraph 0012 lines 5-7 as seen in the rejection of claim 1). 

(Paragraph 0014 lines 13-16 as seen in the rejection of claim 1). 
In a system that is set up to mark a packet it is inherently necessary for it to have 
a field defined in which it is to do so. 

As per Claim 28: The rejection of claim 23 is incorporated and further Brustoloni 
teaches: 

- means for discarding each of said one or more IP data packets for which 
the indicated IP source address comprised therein has not been 
authenticated by the IP network. 

(Paragraph 0008 lines 10-12 as seen in the rejection of claim 1). 
(Paragraph 0022 lines 10-13 as seen in the rejection of claim 7).
(Paragraph 0014 lines 13-16 as seen in the rejection of claim 1). 
Dropping a packet inherently includes a means for discarding it. 

As per Claim 30: The rejection of claim 23 is incorporated and further Brustoloni 
teaches: 

- means for prioritizing the one or more of the IP data packets based on 
whether the indicated IP source address comprised therein has been 
authenticated by the IP network, said IP data packets for which the 
indicated IP source address comprised therein has been authenticated by 
the IP network having a higher priority than said IP data packets for which 
the indicated IP source address comprised therein has not been 
authenticated by the IP network. 

(Paragraph 0022 lines 10-13 as seen in the rejection of claim 7). 

(Paragraph 0014 lines 13-16 as seen in the rejection of claim 1). 

(Paragraph 0012 lines 5-7 as seen in the rejection of claim 1). 

Marking for class of service is prioritizing. The privileged class of service
is the higher priority; the unprivileged class of service is the lower priority.

The marking for class of service inherently includes a means for 
prioritizing data packets. 

Claim Rejections - 35 USC § 103

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

6. Claims 2 and 17 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Brustoloni (US Patent Publication No.: US 2003/0236999 A1),
in view of Maximum Security, Fourth Edition (Security).

As per Claim 2: Brustoloni does not explicitly teach: 

- performing a Reverse Path Forwarding test on said IP data packet. 

However Security in analogous art teaches the above limitation. 

(Security excerpt page 2 paragraph 3 lines 1-2 "Cisco released the
Unicast RPF (Reverse Path Forwarding) feature in IOS 12.0 (it was also in an 
earlier 11.1 (CC) release) to try to mitigate problems caused by bad source 
addresses in packets."). 

It would have been obvious to one of ordinary skill in the art at the time the
invention was made to incorporate the teachings of Security into the teachings of
Brustoloni, because one of ordinary skill in the art would be motivated to
implement a system that is able to verify that packets being received already
have a source address existing in your router's routing table to better protect your
system, your clients or customers thereof and other attached systems.

Application/Control Number: 10/776,719

Art Unit: 2109

As per Claim 17: 

Claim 17 is the same as claim 2 and rejected under the same reasons set 
forth in claim 2. 

A system with Reverse Path Forwarding implemented inherently has a 
means for its use. 

7. Claims 4-6, 11, 12, 19-21, 26 and 27 are rejected under 35 U.S.C. 103(a)
as being unpatentable over Brustoloni (US Patent Publication No.: US
2003/0236999 A1), in view of IP Routing Protocols (IP Routing).

As per Claim 4: Brustoloni does not explicitly teach: 

- said predetermined data field of said IP data packet comprises a Type of 
Service data field. 

However IP Routing in analogous art teaches the above limitation. 

(IP Routing excerpt page 1 second to last paragraph "The type of service
(TOS) field can be used to identify several quality of service (QOS) functions 
provided for an Internet application. Transit delay, throughput, precedence, and 
reliability can be requested with this field."). 

It would have been obvious to one of ordinary skill in the art at the time the
invention was made to incorporate the teachings of IP Routing into the teachings
of Brustoloni because one of ordinary skill in the art would be motivated to
include a field capable of setting priority (delay, throughput, precedence), to
ensure that packets marked for the privileged class of service (as in Brustoloni's
method) will receive attention first.

As per Claim 5: Brustoloni teaches: 

- if said IP data packet having been received at said incoming edge of the IP 
network is not consistent with it having originated at said indicated IP 
source address 

(Paragraph 0022 lines 10-13 as seen in the rejection of claim 7). 
(Paragraph 0014 lines 13-16 as seen in the rejection of claim 1). 
(Paragraph 0008 lines 10-12 as seen in the rejection of claim 1). 

- if said IP data packet having been received at said incoming edge of the IP 
network is consistent with it having originated at said indicated IP source 
address. 

(Paragraph 0012 lines 5-7 as seen in the rejection of claim 1). 
(Paragraph 0022 lines 17-21 as seen in the rejection of claim 7). 



Brustoloni does not explicitly teach: 

- ensuring that the Type of Service data field contains a zero value

However IP Routing in analogous art teaches the above and following limitation. 

(IP Routing excerpt page 2 first 2 lines "Bit 3 is the delay bit (D bit). When
set to 1 this TOS requests a short delay through an internet. Bit 3 is the delay bit
(D bit). When set to 1 this TOS requests a short delay through an internet").

If setting Bit 3 to a 1 requests a low delay then setting it to a 0 (the only
other available position for a bit) obviously will result in a higher delay.

It would have been obvious to one of ordinary skill in the art at the time the
invention was made to incorporate the teachings of IP Routing into the teachings
of Brustoloni and enter a zero for the delay bit for failing to meet the desired
predicate, because one of ordinary skill in the art would be motivated to make
sure that a packet failing a test of its source address and being marked for the
unprivileged class of service would receive less priority than packets that pass
the test.

- ensuring that the Type of Service data field contains a non-zero value 

(IP Routing excerpt page 2 first 2 lines "Bit 3 is the delay bit (D bit). When
set to 1 this TOS requests a short delay through an internet. Bit 3 is the delay bit
(D bit). When set to 1 this TOS requests a short delay through an internet").

It would have been obvious to one of ordinary skill in the art at the time the
invention was made to incorporate the teachings of IP Routing into the teachings
of Brustoloni and enter a one for the delay bit for successfully meeting the
desired predicate, because one of ordinary skill in the art would be motivated to
make sure that a packet passing a test of its source address and being marked
for the privileged class of service would receive more priority than packets that
failed the test.

As per Claim 6: Brustoloni teaches: 

- determining if the [specified] field already has a [specified affirming] 
value, and modifying the [specified] field to have a [specified affirming] 
value only if it does not already have a [specified affirming] value. 

(Paragraph 0022 lines 17-21 as seen in the rejection of claim 7). 
(Paragraph 0012 lines 5-7 as seen in the rejection of claim 7). 
If the mark (made by the preceding ISP in the packet's path) is accepted
then the mark is not modified.

Brustoloni does not explicitly teach: 

- the [specified] field as a Type of Service field 

However IP Routing in analogous art teaches the above and following limitation. 

(IP Routing excerpt page 1 second to last paragraph as seen in the
rejection of claim 4).

It would have been obvious to one of ordinary skill in the art at the time the
invention was made to incorporate the teachings of IP Routing into the teachings
of Brustoloni because one of ordinary skill in the art would be motivated to
include a field capable of setting priority (delay, throughput, precedence), to
ensure that packets marked for the privileged class of service (as in Brustoloni's
method) will receive attention first.

- the [specified affirming] value as a non-zero value 

(IP Routing excerpt page 2 first 2 lines as seen in the rejection of claim 5).

It would have been obvious to one of ordinary skill in the art at the time the
invention was made to incorporate the teachings of IP Routing into the teachings
of Brustoloni and have or enter a one for the delay bit for successfully meeting
the desired predicate, because one of ordinary skill in the art would be motivated
to make sure that a packet passing a test of its source address and being
marked for the privileged class of service would receive more priority than
packets that failed the test.

As per Claim 11: Claim 11 is the same as claim 4 and rejected under the same
reasons as set forth in the rejection of claim 4. 

As per Claim 12: Claim 12 is the same as claim 5 and rejected under the same 
reasons as set forth in the rejection of claim 5. 

As per Claim 19: Claim 19 is the same as claim 4 and rejected under the same 
reasons as set forth in the rejection of claim 4. 

As per Claim 20: Claim 20 is the same as claim 5 and rejected under the same
reasons as set forth in the rejection of claim 5. 

Setting the delay bit to zero inherently includes a means for ensuring a 
zero value in the Type of Service field. 

Setting the delay bit to one inherently includes a means for ensuring a 
non-zero value in the Type of Service field. 

As per Claim 21: Claim 21 is the same as claim 6 and rejected under the same
reasons as set forth in the rejection of claim 6. 

Taking actions based on a field's contents inherently includes a means for
determining a field's contents.

Setting the delay bit to one inherently includes a means for entering a
non-zero value in the Type of Service field.

As per Claim 26: Claim 26 is the same as claim 4 and rejected under the same 
reasons as set forth in the rejection of claim 4. 

As per Claim 27: Claim 26 is the same as claim 5 and rejected under the same 
reasons as set forth in the rejection of claim 5. 

8. Claims 3, 10, 18 and 25 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Brustoloni (US Patent Publication No.: US 2003/0236999 A1),
in view of Building Internet Firewalls, 2nd Edition (O'Reilly).

As per Claim 3: Brustoloni does not explicitly teach:

- said predetermined data field of said IP data packet comprises an 
otherwise unused data field of said IP data packet. 

However O'Reilly in analogous art teaches the above limitation. 

(O'Reilly excerpt page 3 section 4.1.1.2 IP layer lines 10-12 "The IP options field

Almost always empty; where options like the IP source route and the IP security
options would be specified if they were used for a given packet").

It would have been obvious to one of ordinary skill in the art at the time the
invention was made to incorporate the teachings of O'Reilly into the teachings of
Brustoloni, because one of ordinary skill in the art would be motivated to make
use of a field not otherwise in use in order to have a defined area of data space
available for placing information to fully implement a control/security mechanism
without interfering with the resources necessary for the rest of an environment to
function.

As per Claim 10: The rejection of claim 9 is incorporated and further: 

Claim 25 is the same as claim 3 and rejected under the same reasons as 
set forth in the rejection of claim 3. 

As per Claim 18: The rejection of claim 16 is incorporated and further: 

Claim 25 is the same as claim 3 and rejected under the same reasons as
set forth in the rejection of claim 3. 

As per Claim 25: The rejection of claim 24 is incorporated and further: 

Claim 25 is the same as claim 3 and rejected under the same reasons as 
set forth in the rejection of claim 3. 

9. Claims 14 and 29 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Brustoloni (US Patent Publication No.: US 2003/0236999 A1),
in view of Access Control Lists: Overview and Guidelines (Cisco ACL).

As per Claim 14: Brustoloni does not explicitly teach: 

- performing a look up of one or more indicated IP source addresses 
comprised in one or more corresponding IP data packets which have been 
authenticated by the IP network, and wherein the step of processing each 
one of the one or more of the IP data packets based on whether the 
indicated IP source address comprised therein has been authenticated by 
the IP network further comprises discarding one or more of said IP data 
packets for which the indicated IP source address comprised therein has 
been authenticated by the IP network based on said look up of said one or 
more indicated IP source addresses comprised in one or more 
corresponding IP data packets which have been authenticated by the IP
network. 

However Cisco ACL in analogous art teaches the above limitation: 

(Cisco ACL page 2 section What Access Lists Do paragraph 1 line 2-3
"Your router examines each packet to determine whether to forward or drop the 
packet, based on the criteria you specified within the access lists."). 

(Cisco ACL page 2 section What Access Lists Do paragraph 2 line 1
"Access list criteria could be the source address of the traffic"). 

(Cisco ACL page 2 section Why You Should Configure Access Lists
paragraph 3 "access lists can allow one host to access a part of your network, 
and prevent another host from accessing the same area. In Figure 6, Host A is 
allowed to access the Human Resources network and Host B is prevented from 
accessing the Human Resources network."). 

It would have been obvious to one of ordinary skill in the art at the
time the invention was made to incorporate the teachings of Cisco ACL into the
teachings of Brustoloni, because one of ordinary skill in the art would be
motivated to make use of a control list, since just because a packet isn't part of a
DoS attack or using a spoofed source address doesn't necessarily mean the
sender of the packet has a right to access a destination or target resource.

As per Claim 29: The rejection of claim 28 is incorporated and further: 

Claim 29 is the same as claim 14 and rejected under the same reasons as 
set forth in the rejection of claim 14. 

An implemented Access Control List inherently has a means for
performing its own functions.



Conclusion 



Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Benjamin A. Kaplan whose telephone number 
is 571-270-3170. The examiner can normally be reached on 7:30 a.m. - 5:00
p.m. E.S.T.

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Chameli Das can be reached on 571-270-1392. The fax 
phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197
(toll-free). If you would like assistance from a USPTO Customer Service
Representative or access to the automated information system, call
800-786-9199 (IN USA OR CANADA) or 571-272-1000.